casa-mp-base
Public
Source
xxxxxxxxxx--- etc/clamd.conf.macports+++ etc/clamd.conf.macports 2019-11-23 14:00:02.000000000 -0500 # Comment or remove the line below.-Example+#Example # Uncomment this option to enable logging.-# LogFile must be writable for the user running daemon.+LogFile @PREFIX@/var/log/clamav/clamd.log # A full path is required. # Default: disabled-#LogFile /tmp/clamd.log+LogFile @PREFIX@/var/log/clamav/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log # rotation (the LogRotate option) will always be enabled. # Default: 1M-#LogFileMaxSize 2M+LogFileMaxSize 2M # Log time with each message. # Default: no # Log additional information about the infected file, such as its # size and hash, together with the virus name.-#ExtendedDetectionInfo yes+ExtendedDetectionInfo yes # This option allows you to save a process identifier of the listening # daemon (main thread). # Default: disabled-#PidFile /var/run/clamd.pid+PidFile @PREFIX@/var/run/clamav/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user)-#LocalSocket /tmp/clamd.socket+LocalSocket @PREFIX@/var/run/clamav/clamd.socket # Sets the group ownership on the unix socket. # Default: disabled (the primary group of the user running clamd) # Maximum number of threads running at the same time. # Default: 10-#MaxThreads 20+MaxThreads 6 # Waiting for data from a client socket will timeout after this time (seconds). # Default: 120 #ExcludePath ^/proc/ #ExcludePath ^/sys/+# BRE regex References:+# https://www.clamav.net/documents/phishsigs#Introduction-to-regular+# https://forum.netgate.com/topic/102819/alternate-definitions-for-clamav/10+# http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb++# Exclude these attached volumes that `CrossFilesystems` doesn't prevent++# Exclude all attached volumes+#ExcludePath ^/Volumes/++# Exclude every volume that's not named /Volumes/Macintosh HD/+# Note: Use with `FollowDirectorySymlinks no`. The default is this directory+# is a symlink, and will not be scanned; otherwise scan if it's an attached volume+ExcludePath ^/Volumes/([^M]|M([^a]|a([^c]|c([^i]|i([^n]|n([^t]|t([^o]|o([^s]|s([^h]|h([^ ]|[ ]([^H]|H([^D]|D([^/])|$)|$)|$)|$)|$)|$)|$)|$)|$)|$)|$))[^/]{0,240}/++ExcludePath ^/Network/+ExcludePath ^/Quarantine/+ExcludePath ^/opt/Quarantine/+ExcludePath ^/dev/+ExcludePath /.dbfseventsd$+# macOS SIP https://support.apple.com/en-us/HT204899+# ls -leOd /* | grep restricted+ExcludePath ^/System/+ExcludePath ^/bin/+ExcludePath ^/sbin/+# ls -leOd /usr/* | grep restricted | perl -lane 'chomp; s/.+\/usr\/(.+)/$1/; print "ExcludePath ^/usr/$_/";'